Commit Diff


commit - bd5f79542cf6491ed9e30bca926286e3b9e2600c
commit + 7bdcc91ec70ddde092ac5d7b4f75d54915e7b221
blob - b86359b6d2484f209e48c7bb38e7ad3dd899e198
blob + a6e0d1bd0b46a24ebaa2337add20711460cee46a
--- gmid.c
+++ gmid.c
@@ -301,12 +301,7 @@ free_config(void)
 			free((char*)l->index);
 			free((char*)l->block_fmt);
 			free((char*)l->dir);
-
-			free(l->proxy_host);
 
-			tls_unload_file(l->proxy_cert, l->proxy_cert_len);
-			tls_unload_file(l->proxy_key, l->proxy_key_len);
-
 			if (l->dirfd != -1)
 				close(l->dirfd);
 
@@ -343,6 +338,10 @@ free_config(void)
 		free((char*)h->cgi);
 		free((char*)h->entrypoint);
 
+		free(h->proxy.host);
+		tls_unload_file(h->proxy.cert, h->proxy.certlen);
+		tls_unload_file(h->proxy.key, h->proxy.keylen);
+
 		TAILQ_REMOVE(&hosts, h, vhosts);
 		free(h);
 	}
blob - 1c9b061ee751b4d0f1e2b4163c29328a745490b1
blob + 7da15c2fe0a8d64a86e8e331a6807f6a8dea0f29
--- gmid.h
+++ gmid.h
@@ -97,6 +97,15 @@ struct fcgi {
 };
 extern struct fcgi fcgi[FCGI_MAX];
 
+struct proxy {
+	char		*host;
+	const char	*port;
+	uint8_t		*cert;
+	size_t		 certlen;
+	uint8_t		*key;
+	size_t		 keylen;
+};
+
 TAILQ_HEAD(lochead, location);
 struct location {
 	const char	*match;
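Review bot: The new `struct proxy` carries no ownership comment, and its fields do not all own their storage. Going by the parse.y and gmid.c hunks of this commit, `host` is the parser's heap string and is released with `free()`, and `cert` and `key` come from `tls_load_file()` and are released with `tls_unload_file()`. `port` either points into `host`'s buffer or at the literal `"1965"`, so it must never be freed on its own. I would add a comment above the struct such as `/* host, cert and key are owned; port aliases host or a string literal and is not freed */`. It is also worth noting there that `key` holds private key material in memory until the config is freed.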
@@ -111,13 +120,6 @@ struct location {
 	int		 disable_log;
 	int		 fcgi;
 
-	char		*proxy_host;
-	const char	*proxy_port;
-	uint8_t		*proxy_cert;
-	size_t		 proxy_cert_len;
-	uint8_t		*proxy_key;
-	size_t		 proxy_key_len;
-
 	const char	*dir;
 	int		 dirfd;
 
@@ -158,6 +160,7 @@ struct vhost {
 	struct envhead	 env;
 	struct envhead	 params;
 	struct aliashead aliases;
+	struct proxy	 proxy;
 };
 
 struct etm {			/* extension to mime */
@@ -242,7 +245,6 @@ struct client {
 	struct sockaddr_storage	 addr;
 	struct vhost	*host;	/* host they're talking to */
 	size_t		 loc;	/* location matched */
-	struct location	*l;
 
 	SPLAY_ENTRY(client) entry;
 };
@@ -347,7 +349,6 @@ const char	*vhost_default_mime(struct vhost*, const ch
 const char	*vhost_index(struct vhost*, const char*);
 int		 vhost_auto_index(struct vhost*, const char*);
 int		 vhost_block_return(struct vhost*, const char*, int*, const char**);
-struct location	*vhost_reverse_proxy(struct vhost *, const char *);
 int		 vhost_fastcgi(struct vhost*, const char*);
 int		 vhost_dirfd(struct vhost*, const char*, size_t*);
 int		 vhost_strip(struct vhost*, const char*);
blob - 154e3a5ba32d9397625ac08f91479e7f8e3f36ad
blob + db1ebb661db97c3967c7356fbf55ed043ef1bc54
--- parse.y
+++ parse.y
@@ -278,9 +278,57 @@ servopt		: ALIAS string {
 		| PARAM string '=' string {
 			add_param($2, $4, 0);
 		}
+		| proxy
 		| locopt
 		;
+
+proxy		: PROXY proxy_opt
+		| PROXY '{' optnl proxy_opts '}'
+		;
+
+proxy_opts	: /* empty */
+		| proxy_opts proxy_opt optnl
+		;
+
+proxy_opt	: CERT string {
+			struct proxy *p = &host->proxy;
 
+			only_once(p->cert, "proxy cert");
+			ensure_absolute_path($2);
+			p->cert = tls_load_file($2, &p->certlen, NULL);
+			if (p->cert == NULL)
+				yyerror("can't load cert %s", $2);
+		}
+		| KEY string {
+			struct proxy *p = &host->proxy;
+
+			only_once(p->key, "proxy key");
+			ensure_absolute_path($2);
+			p->key = tls_load_file($2, &p->keylen, NULL);
+			if (p->key == NULL)
+				yyerror("can't load key %s", $2);
+		}
+		| RELAY_TO string {
+			char		*at;
+			const char	*errstr;
+			struct proxy	*p = &host->proxy;
+
+			only_once(p->host, "proxy relay-to");
+			p->host = $2;
+
+			if ((at = strchr($2, ':')) != NULL) {
+				*at++ = '\0';
+				p->port = at;
+			} else
+				p->port = "1965";
+
+			strtonum(p->port, 1, UINT16_MAX, &errstr);
+			if (errstr != NULL)
+				yyerror("proxy port is %s: %s", errstr,
+				    p->port);
+		}
+		;
+
 locations	: /* empty */
 		| locations location optnl
 		;
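Review bot: The `RELAY_TO` action never checks that a host remains after the split at the first `:`, so a value like `":1965"` leaves `p->host` as an empty but non-NULL string. apply_reverse_proxy in server.c only tests `p->host == NULL`, so such a vhost would still be treated as proxied and would issue a connection request for an empty name. A check right after the split, `if (*p->host == '\0') yyerror("proxy relay-to: missing host");`, would reject it at config load. Splitting with `strchr($2, ':')` also cuts an IPv6 literal at its first colon, which needs either bracket handling or a documented restriction.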
@@ -330,7 +378,6 @@ locopt		: AUTO INDEX bool	{ loc->auto_index = $3 ? 1 :
 			loc->lang = $2;
 		}
 		| LOG bool	{ loc->disable_log = !$2; }
-		| proxy
 		| REQUIRE CLIENT CA string {
 			only_once(loc->reqca, "require client ca");
 			ensure_absolute_path($4);
@@ -345,48 +392,6 @@ locopt		: AUTO INDEX bool	{ loc->auto_index = $3 ? 1 :
 		| STRIP NUM		{ loc->strip = check_strip_no($2); }
 		;
 
-proxy		: PROXY proxy_opt
-		| PROXY '{' optnl proxy_opts '}'
-		;
-
-proxy_opts	: /* empty */
-		| proxy_opts proxy_opt optnl
-		;
-
-proxy_opt	: CERT string {
-			only_once(loc->proxy_cert, "proxy cert");
-			ensure_absolute_path($2);
-			loc->proxy_cert = tls_load_file($2, &loc->proxy_cert_len, NULL);
-			if (loc->proxy_cert == NULL)
-				yyerror("can't load cert %s", $2);
-		}
-		| KEY string {
-			only_once(loc->proxy_key, "proxy key");
-			ensure_absolute_path($2);
-			loc->proxy_key = tls_load_file($2, &loc->proxy_key_len, NULL);
-			if (loc->proxy_key == NULL)
-				yyerror("can't load key %s", $2);
-		}
-		| RELAY_TO string {
-			char		*at;
-			const char	*errstr;
-
-			only_once(loc->proxy_host, "proxy relay-to");
-			loc->proxy_host = $2;
-
-			if ((at = strchr($2, ':')) != NULL) {
-				*at++ = '\0';
-				loc->proxy_port = at;
-			} else
-				loc->proxy_port = "1965";
-
-			strtonum(loc->proxy_port, 1, UINT16_MAX, &errstr);
-			if (errstr != NULL)
-				yyerror("proxy port is %s: %s", errstr,
-				    loc->proxy_port);
-		}
-		;
-
 fastcgi		: SPAWN string {
 			only_oncei(loc->fcgi, "fastcgi");
 			loc->fcgi = fastcgi_conf(NULL, NULL, $2);
blob - 4c5d475f8a799fdfb2b42f9b47cc347825cb72dd
blob + 99fd84213f8ac958ba1be3c02189ac5a83d5996a
--- proxy.c
+++ proxy.c
@@ -284,6 +284,7 @@ proxy_handshake(int fd, short event, void *d)
 int
 proxy_init(struct client *c)
 {
+	struct proxy *p = &c->host->proxy;
 	struct tls_config *conf = NULL;
 
 	c->type = REQUEST_PROXY;
@@ -294,16 +295,14 @@ proxy_init(struct client *c)
 	/* TODO: tls_config_set_protocols here */
 	tls_config_insecure_noverifycert(conf);
 
-	if (c->l->proxy_cert != NULL) {
+	if (p->cert != NULL) {
 		int r;
 
-		r = tls_config_set_cert_mem(conf, c->l->proxy_cert,
-		    c->l->proxy_cert_len);
+		r = tls_config_set_cert_mem(conf, p->cert, p->certlen);
 		if (r == -1)
 			goto err;
 
-		r = tls_config_set_key_mem(conf, c->l->proxy_key,
-		    c->l->proxy_key_len);
+		r = tls_config_set_key_mem(conf, p->key, p->keylen);
 		if (r == -1)
 			goto err;
 	}
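Review bot: The `if (p->cert != NULL)` guard covers both calls, so a vhost configured with `cert` but no `key` reaches `tls_config_set_key_mem(conf, p->key, p->keylen)` with a NULL key, while a `key` without a `cert` is silently ignored. The grammar in parse.y sets the two fields independently, so the pairing should be enforced at config load or here with `if (p->cert != NULL && p->key != NULL)` plus an explicit error for the half-configured case. Separately, the context line `tls_config_insecure_noverifycert(conf);` means the upstream is not authenticated, so this client certificate is presented to whatever answers at the relay address. A comment saying whether that is intended would help the next reader. proxy_init starts and ends outside this hunk.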
blob - 48453c1d9c58a20a12861a40db1f91b9157dc2f5
blob + a0edd85b8b5bdecb779307d2e4aff2b76031cca6
--- server.c
+++ server.c
@@ -207,27 +207,6 @@ vhost_block_return(struct vhost *v, const char *path, 
 	return loc->block_code != 0;
 }
 
-struct location *
-vhost_reverse_proxy(struct vhost *v, const char *path)
-{
-	struct location *loc;
-
-	if (v == NULL || path == NULL)
-		return NULL;
-
-	loc = TAILQ_FIRST(&v->locations);
-	while ((loc = TAILQ_NEXT(loc, locations)) != NULL) {
-		if (loc->proxy_host != NULL)
-			if (matches(loc->match, path))
-				return loc;
-	}
-
-	loc = TAILQ_FIRST(&v->locations);
-	if (loc->proxy_host != NULL)
-		return loc;
-	return NULL;
-}
-
 int
 vhost_fastcgi(struct vhost *v, const char *path)
 {
@@ -630,21 +609,20 @@ apply_block_return(struct client *c)
 static int
 apply_reverse_proxy(struct client *c)
 {
-	struct location *loc;
-	struct connreq r;
+	struct proxy	*p;
+	struct connreq	 r;
 
-	if ((loc = vhost_reverse_proxy(c->host, c->iri.path)) == NULL)
+	p = &c->host->proxy;
+	if (p->host == NULL)
 		return 0;
 
-	c->l = loc;
-
 	log_debug(c, "opening proxy connection for %s:%s",
-	    loc->proxy_host, loc->proxy_port);
-
-	strlcpy(r.host, loc->proxy_host, sizeof(r.host));
-	strlcpy(r.port, loc->proxy_port, sizeof(r.port));
+	    p->host, p->port);
+
+	strlcpy(r.host, p->host, sizeof(r.host));
+	strlcpy(r.port, p->port, sizeof(r.port));
 
-	strlcpy(c->domain, loc->proxy_host, sizeof(c->domain));
+	strlcpy(c->domain, p->host, sizeof(c->domain));
 
 	imsg_compose(&exibuf, IMSG_CONN_REQ, c->id, 0, -1, &r, sizeof(r));
 	imsg_flush(&exibuf);
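Review bot: `struct connreq r` is not cleared before `imsg_compose(..., &r, sizeof(r))` sends the whole struct, so the bytes after each `strlcpy` terminator, plus any padding or other members, are uninitialized stack contents handed to the receiving process. Adding `memset(&r, 0, sizeof(r));` before the copies fixes that. The `strlcpy` return values are also ignored, so an over-long `p->host` would be truncated silently and the request would name a different host than the configuration does. Comparing the result against `sizeof(r.host)` and failing the request would catch it. apply_reverse_proxy continues past the end of this hunk.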